Thales Blog

Thales Access Management Index 2022 Report: Still Many Steps Toward Zero Trust Security Despite Progress

September 22, 2022

Haider Iqbal Haider Iqbal | Director Business Development More About This Author >

Technology has become so pervasive that it has permanently changed how businesses operate and engage with their customers, how and where we work, and how we entertain ourselves. However, such a technologically oriented reality is accompanied by actual risks and threats, both internal and external, that take familiar shapes but have gained new power. Businesses worldwide quickly became aware of threats and attacks, like ransomware and distributed denial-of-service (DDoS) attacks, and quickly adjusted their defensive postures, strategies, and budgets.

The global edition of the 2022 Thales Access Management Index looks at various aspects of those impacts in a wide-ranging survey of security professionals and executive leadership that touches on issues including access management and access security, multi-factor authentication, zero-trust network access, security spending plans, remote work and VPNs, and ransomware. The 2022 Thales Access Management Study is based on data from a survey of nearly 2,800 security professionals and executive leaders in more than 15 countries across the globe.

More comfortable with new work trends despite the impact of attacks

Businesses are still concerned about the security risks that come with remote and hybrid work, although these worries appear to be less pressing than last year. Compared to 2021, only 31% of respondents said they had "very high" concern about the security risks and threats associated with remote work. Businesses are also developing more confidence in the capacity of access management systems to control such threats. More than 80% of respondents indicated some level of confidence in the ability of the present access security solutions to facilitate secure and convenient remote work, and 60% of them were either "very" or "significantly" confident.

Despite businesses beginning to feel safer, ransomware attacks are having a more significant impact. Nearly a quarter (21%) of those surveyed have been a victim of ransomware. Among those impacted, 12% experienced a severe impact on their external-facing activities, while 55% had internal processes interrupted. The biggest possible effect of a ransomware assault, according to nearly a quarter of respondents (23%), is financial loss, followed closely by lost productivity (19%) and recovery costs (18%).

Access management is important for Zero Trust security, but MFA and passwordless adoption still lags

An increasingly crucial component of securing any environment and guarding it against both internal and external threats is controlling access to resources, systems, and privileges. The numerous legislative initiatives across the globe demonstrate the significance of Identity and Access Management (IAM), where safeguarding identities is a cornerstone of Zero Trust security.

As a result, tools for controlling access rights and privileges are increasingly recognized as crucial for protecting infrastructure. Access management solutions were, therefore, the second most popular selection at 33% in terms of security budget priorities, which is not surprising.

Despite the importance of IAM and the fact that multi-factor authentication is an essential component of strong identity verification, MFA adoption is still in shallow waters. Multi-factor authentication (MFA) adoption has increased slightly compared to 2021; 56% in 2022, up from 51% in 2021. However, MFA continues to be the most frequently used IAM technology, followed by cloud-based single sign-on (SSO) at 51%. Organizations are yet to fully embrace passwordless technology, with only 48% stating that passwordless was their preferred authentication method.

Remote access remains the primary use case for MFA in 2022. 68% of remote or mobile non-IT employees used MFA to access corporate resources, followed by privileged personnel (52%) and third parties (consultants, partners, suppliers) at 49%. Contrarily, less than half of general employees (40%) use MFA at most companies. These patterns might be caused either by a failure to recognize that every employee is a possible target or by the challenges in implementing an all-encompassing access management solution.

Protecting both on-premises and cloud environments is the biggest challenge

The implementation of Zero Trust security goals, which heavily rely on identification, depends on access control and authentication. To accomplish this, access management tools must be able to safeguard both on-premises and cloud-based environments. This is the most commonly cited challenge for access management systems to address. It is also important to note that roughly 40% of polled companies keep distinct access control systems for their on-premises and cloud settings, which can add complexity and administrative burden.

The ability to handle hybrid and multi-cloud settings is another requirement for access management solutions. To that end, the majority of respondents (54%) stated that, as opposed to products from the cloud providers, agnostic access control solutions can best safeguard multi-cloud setups. Additionally, more than half (57%) of respondents think their businesses should be in charge of their own access security, while 41% prefer to have a third-party security provider rather than a cloud service provider supply their access security solution.

The tools and techniques for navigating the threat landscape have changed along with it. However, security plans and procedures still need to change to keep up with the dynamic threat environment, even with cutting-edge tools and more confidence. Access management would play a vital part in corporate security policies due to a wider shift toward a zero-trust model, with MFA serving as a key supporting enabler in this context.

You can read more insights by downloading the 2022 Thales Access Management Index report.